Die Dozenten der Informatik-Institute der Technischen Universität Braunschweig laden im Rahmen des Informatik-Kolloquiums zu folgendem Vortrag ein:
MSc. Ayse Morali, Distributed and Embedded Security Research Group, Universiteit Twente: Risk-Based Confidentiality Requirements Specification for Outsourced IT Systems
Beginn: 12.04.2010, 15:30 Uhr Ort: TU Braunschweig, Informatikzentrum, Mühlenpfordtstraße 23, 1. OG, Hörsaal M 160 Webseite: http://www.ibr.cs.tu-bs.de/cal/kolloq/2010-04-12-morali.html Kontakt: Dr. Andrea Herrmann
SLAs for availability and response time are common practice in business, but so far there is no practical method for specifying confidentiality requirements in an SLA. Specifying confidentiality requirements is hard because in contrast to availability and response time, confidentiality incidents cannot be monitored: attackers who breach confidentiality try to do this unobserved by both client and provider. In addition, providers usually do not want to reveal their own infrastructure to the client for monitoring or risk assessment. CRAC++ is architecture-based method for confidentiality risk assessment in IT outsourcing which aims at confidentiality requirements specification. This presentation includes a case study to evaluate this new method.